Network Address Translation (NAT)

Network Address Translation (NAT) is a method that allows computers on a LAN that uses a private IP addressing scheme to connect to an external IP network via a router that acts as an agent between the local network and the Internet. A host in a local network that has been allocated a private IP address can be enabled to communicate with a host on an external network by mapping its private IP address to one of a pool of registered IP addresses. The number of local hosts that can have simultaneous access to external networks is limited to the number of registered IP addresses available. If a local host requires a guaranteed connection with an external network, or if it must be accessible to external hosts, the mapping may be done statically. Alternatively, dynamic NAT can be used to allocate registered IP addresses on demand, providing greater flexibility. Some high-level protocols such as FTP embed the client IP address within their protocol data unit (PDU). NAT replaces this private IP address with a registered IP address. The PDU's checksum must also be recalculated and replaced.


Network Address Port Translation (NAPT)

Many networks now use private IP addresses, with only the WAN link on the network's gateway router having a registered IP address. Multiple network hosts can access the Internet simultaneously via the router's registered IP address using Network Address Port Translation (NAPT). The router's registered IP address is used for all outgoing packets, but the TCP and UDP ports for each host are mapped to individually assigned port numbers on the router. Inbound access can also be configured by mapping a service port associated with the router's registered IP address to the relevant service port on a specified local host.

When the router receives a packet from a local host, it saves the host IP address and source port number to an address translation table, and substitutes its own IP address and designated port number. The address translation table creates a mapping between the local host's IP address and source port, and the port assigned by the router for the connection. For incoming packets, the router compares the destination port specified in the packet with the address translation table to determine the destination local host's IP address and source port number. It then makes the necessary changes to the destination IP address and port number values within the inbound packet, and delivers the packet to the specified local host.

The entries in the address translation table are deleted from the table if they are not accessed within a specified time interval. The table below illustrates the mapping process.

Network Address Port Translation

Local Host   Host IP Address   Source Port   Router IP Address   Router Assigned Port Number
A            192.168.32.10     400           215.37.32.203       1
B            192.168.32.13     50            215.37.32.203       2
C            192.168.32.15     3750          215.37.32.203       3
D            192.168.32.18     206           215.37.32.203       4
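The translation table described above can be modelled in a few lines of Python. This is an added example, not code from the original page: the class and function names, the 60-second idle timeout and the sequential port allocation starting at 1 are assumptions made for illustration, and the four flows are the ones read from the table.

```python
import time

class NaptTable:
    """Toy NAPT table: one registered IP, one router-assigned port per flow."""
    def __init__(self, router_ip, first_port=1, idle_timeout=60.0, clock=time.monotonic):
        self.router_ip, self.next_port = router_ip, first_port
        self.idle_timeout, self.clock = idle_timeout, clock
        self.by_local = {}  # (host_ip, src_port) -> router-assigned port
        self.by_port = {}   # router-assigned port -> [host_ip, src_port, last_used]

    def _expire(self):
        # Delete entries that have not been accessed within the idle timeout.
        now = self.clock()
        for port, (ip, sport, last) in list(self.by_port.items()):
            if now - last > self.idle_timeout:
                del self.by_port[port]
                del self.by_local[(ip, sport)]

    def outbound(self, host_ip, src_port):
        """Return the (router_ip, port) substituted for the packet's source."""
        self._expire()
        key = (host_ip, src_port)
        port = self.by_local.get(key)
        if port is None:  # first packet of this flow: allocate the next port
            port = self.next_port
            self.next_port += 1
            self.by_local[key] = port
        self.by_port[port] = [host_ip, src_port, self.clock()]
        return self.router_ip, port

    def inbound(self, dst_port):
        """Return the local (host_ip, src_port) for dst_port, or None if unmapped."""
        self._expire()
        entry = self.by_port.get(dst_port)
        if entry is None:
            return None  # no table entry: the packet cannot be delivered
        entry[2] = self.clock()  # an access refreshes the idle timer
        return entry[0], entry[1]

def demo():
    # Constructed scenario: a fake clock so that expiry is deterministic.
    now = [0.0]
    nat = NaptTable("215.37.32.203", idle_timeout=60.0, clock=lambda: now[0])
    flows = [("192.168.32.10", 400), ("192.168.32.13", 50),
             ("192.168.32.15", 3750), ("192.168.32.18", 206)]
    mapped = [nat.outbound(ip, port) for ip, port in flows]
    reply = nat.inbound(3)        # reply to host C's flow
    unsolicited = nat.inbound(9)  # port that was never assigned
    now[0] = 100.0                # idle for longer than the timeout
    expired = nat.inbound(1)
    return mapped, reply, unsolicited, expired
```

A packet arriving on a port with no entry, or on one whose entry has timed out, has no local destination in this model; a statically configured inbound service mapping would be a permanent entry that is exempt from expiry.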

The number of simultaneous translations supported by a router is determined primarily by the amount of memory it has available. A typical entry in the address translation table takes up about 160 bytes, so a router with 4 MB of DRAM could theoretically process 26,214 simultaneous translations, more than enough for most applications.